Meer weten over veilige IT/OT-integratie in kritieke infrastructuur? Meld je nu aan voor de Round Table op 17 april 2025

Securing the unbreachable: Why EAL7+ DataDiodes are essential in high-stakes data security

Imagine being able to transfer data across different network domains without worrying about hackers, malware, or data leakage. Does this sound too good to be true? It’s not. There is a technology that can do exactly that: the DataDiode. DataDiodes are arguably the safest way to move data across network domains with different levels of trust or security. 

But some DataDiodes are more secure than others. The best way to compare their effectiveness is by looking at their EAL certification – an international cyber security standard. In this article, you will learn what DataDiodes are all about and the main risks addressed by the highest value of EAL certification: Level 7+. 

Getting to grips with EAL7+ certification

“EAL” stands for “Evaluation Assurance Level”, which is a scale used to assess how well a product complies with internationally recognised IT security criteria, known as Common Criteria. An international quality standard, ISO/IEC 15408, defines the EAL levels and their criteria.

For over two decades, the Common Criteria have standardised how organisations and governments protect information and systems. And how to test security products to different levels of confidence. In total, there are eight different confidence levels, ranging from EAL1 to EAL7+. The difference in confidence level relates to the extent and formality of the verification methods.

Different levels of EAL

Starting from EAL4, you are dealing with a high-level security product. EAL7+ is the highest level of certification. EAL7+ certification means that the product meets all the EAL7 criteria and some other assurance components. It certifies that the product and its entire delivery process (from manufacture to installation) have been formally tested and verified to the furthest extent possible.

An organisation’s choice of security level depends on the risk acceptance, security objectives and available resources of this organisation when using the product. EAL7+ is suitable for products used in extremely high-risk situations. In these situations, the protection of critical or highly sensitive information is often a life-or-death matter.

Importance of EAL7+ certification for DataDiodes

Let’s quickly review the concept of a DataDiode and then discuss its potential vulnerabilities to various threats. A DataDiode is a physical network device that routes the flow of information in one direction, and in one direction only. 

Using a DataDiode is like depositing cash in a bank’s night safety deposit box. You can put money in through the shutter, but once you let go of it, you can’t take it out the same way. Because DataDiodes are physical-layer network devices, this technology provides superior security to software firewalls; no ports (open or closed) are ever exposed beyond the secure network.  

EAL7+ certification for DataDiodes 100% guarantees that a DataDiode never transfers data between an untrusted network and a trusted one in the undesired direction.

Threats EAL7+ addresses

Now you have a better understanding of what DataDiodes do, we can examine the security risks addressed by EAL7+ certification: 

  • Physical tampering: EAL7+ requires physical protection of the product. This is to prevent tampering both within the production supply chain, delivery process and during operations. DataDiodes may use seals, locks, alarms, or sensors to detect physical attacks. 
  • Side-channel analysis: EAL7+ requires identifying and addressing potential vulnerabilities that may arise from the observation or measurement of a DataDiode’s physical and performance characteristics. Factors to consider are power consumption, electromagnetic radiation, and timing behaviour. DataDiodes can use encryption, shielding, filtering, or randomisation to counter these threats.
  • Fault injection: EAL7+ requires fault tolerance and error detection mechanisms.  These mechanisms must prevent or correct the effects of intentional or accidental faults that compromise the functionality or security of a system. For example, the DataDiode can use redundancy, checksums, or watchdogs to ensure the integrity and availability of data transfer.
    EXAMPLE: To prevent fault injection, one of western Europe’s largest metro systems uses a few dozen DataDiodes to control data flowing out of its operating system to public timetable screens. The main objective of these diodes is to prevent hostile interference in the train signalling systems.
  • Reverse engineering: EAL7+ requires all aspects of the DataDiode to be thoroughly documented and verified using formal methods. This ensures a complete and consistent representation of a DataDiode’s design, components, operation, and security functionality. Its verification process involves the use of mathematical models, proofs, or other tests as evidence that the DataDiode conforms to its designed specifications. You can quickly tell that you are dealing with the original product and that it is operating as intended.  

EAL7+’s role in ensuring the highest level of security assurance

Beyond physical tampering, side-channel analysis, fault injection, and reverse engineering, EAL7+ certification is concerned with achieving reliability, integrity and confidentiality. To provide evidence that a DataDiode fulfils these aims, EAL7+ requires manufacturers to demonstrate a DataDiode’s resistance to a full range of cyber attacks. This is done through extensive functional and penetration testing that establishes the DataDiode’s effectiveness.

The types of attack used may be general or specific to DataDiodes. For example, DataDiodes use fibre-optic cables through which light passes. These cables are tested to ensure that no light leaks can be tapped or that any light flows back in the undesired direction. These are diode-specific threats.

Attacks must be considered throughout the supply chain. During the manufacturing process, thorough testing is carried out. This is to ensure that the DataDiode received is precisely as ordered, with no additional components or alterations. This guarantees that the delivered product is in its original form, with an intact seal and the assurance that it operates as promised. 

Industry applications

Only a few DataDiodes in the world have achieved an EAL7+ level of certification. The Fox DataDiode is one of them. But who are these highly secure DataDiodes produced for?

  • Government and public sector: EAL7+ products or systems can safeguard up to state secret level or personal information from malicious actors or insider threats. These products and systems might need to be extremely secure to comply with the legal and regulatory requirements for data protection and privacy.
  • Military and defence: EAL7+ products protect sensitive information from unauthorized access or ensure the integrity of critical defence activity. DataDiodes prevent cyber attacks and espionage on military networks.
  • Critical infrastructure: This includes essential systems such as energy, water, transportation, healthcare and security. Critical infrastructure is vulnerable to cyber attacks, especially with default passwords or exposure to the open internet. EAL7+ products protect critical infrastructure from cyber attacks and ensure their resilience and business continuity. 
    EXAMPLE: Iranian hackers tried to contaminate US water with sodium hydroxide in Oldsmar, Florida. DataDiodes can safeguard an industrial control system such as this and prevent access to operating technology.

To sum it up

You can use a DataDiode for two things: to secure your information and to secure your systems. With an CC EAL7+ DataDiode, you get the most enhanced security possible, EAL7+ certifies that a DataDiode has been fully appraised for its resistance to physical tampering, side-channel analysis, fault injection and reverse engineering.

An EAL7+ rating also ensures confidence in the proper functioning and integrity of the DataDiode in the face of a full range of cyber threats. This automatically gives assurance for a range of important regulatory and compliance requirements for safety and data security.

If you manage a network used for vital operations or for holding data of the highest sensitivity, then security is your number one concern. That means considering the threat of highly sophisticated adversaries who employ teams of people to try every method available to break into your network, night and day, 365 days a year. 

If for some reason it is essential to have a public-facing network, there is only one viable option: an EAL7+-rated DataDiode. One that guarantees that it does what it’s supposed to do and doesn’t do what it’s not supposed to do.